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METHOD, SYSTEM AND DEVICE FOR SERVICE SELECTION VIA A 
WIRELESS LOCAL AREA NETWORK 



Technical Field of the Invention 

The invention relates to a method in a system and a 
system for service selection via a Wireless Local Area 
Network (WLAN) . Further, the invention relates to a 
method in a terminal, a terminal, and a computer program. 

Background of the Invention 

Today, communication and access to information or 
specific networks via various types of data networks is 
important. By introducing Wireless Local Area Networks 
(WLAN) communication and accessing information or . 
networks has become easier and more flexible. One example 
of a WLAN is defined in the IEEE 802.11 standard. For 
example, a person that wants to get a connection via a 
network does not need to search for an unoccupied network 
socket and may freely choose the location where he want 
to be when connecting to the network, as long as the WLAN 
signals reaches this location. 

However, when it comes to selecting different 
services, or views, the network system or a service 
provider decide the service accessible from a terminal 
connecting to the WLAN based on the identity of the 
terminal. In the context of this application a service is 
a network environment that the WLAN terminal is or will 
be connected to, for example the service may be a local 
network , a private network, the Internet, a specific 
service provider provided network, virtual local area 
networks, etc. Thus, a WLAN terminal that is connecting 
to a network is restricted to a service predetermined by 
the network system or the service provider, even if the 
WLAN is able to provide connections to different 
services. 
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Summary of the Invention 

It is an object of the present invention to provide 
an improved WLAN system facilitating selection of various 
5 services. 

This object is accomplished by means of a method for 
service selection according to claim 1, a system for 
selecting services in a network according to claim 6, a 
method in a terminal according to claim 9, a computer 

10 program according to claim 15, a terminal according to 

claim 16, an authentication server according to claim 21, 
and a method in an authentication server according to 
claim 25. Preferred embodiments of the invention are 
disclosed in the dependent claims. 

15 More particularly, according to one aspect, a method 

for service selection in a data network comprising at 
least one Wireless Local Area Network (WLAN) access 
point, comprises: 

sending, from a WLAN terminal, a network access 

20 identifier (NAI) including a service selection indicator 
via the WLAN access point, 

receiving, at an authentication server, the network 
access identifier including a service selection 
indicator, 

25 providing the WLAN terminal with a connection 

to the service that is indicated by said selection 
indicator. 

According to another aspect, a system for selecting 
services in a network comprises: 
3 0 at least one Wireless Local Area Network (WLAN) 

access point, 

at least one WLAN terminal comprising means for 
including a service selection indicator in a Network 
Access Identifier (NAI) and means for sending said NAI 
35 including said service selection indicator via the WLAN 
access point, 
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at least one authentication server comprising means 
for receiving a NAI including said service selection 
indicator, means for extracting said service selection 
indicator from said NAI and means for initiating a 
5 connection to a service indicated by said service 
selection indicator. 

According to a further aspect, a method in a 
terminal for selecting services comprises: 
setting a service selection indicator, 
10 including said service selection indicator in a 

Network Access Identifier (NAI) , 

sending said NAI including said service selection 
indicator over a Wireless Local Area Network (WLAN) , 
receiving at least one message for establishing a 
15 connection to the indicated service. 

According to yet a further aspect, a terminal that ,• 
is enabled for communication via a Wireless Local Area 
Network (WLAN) comprises: 

means for setting a service selection indicator, 
20 means for including said service selection indicator 

in a Network Access Identifier (NAI), 

means for sending said NAI including said service 
selection indicator, 

means for establishing a connection to a indicated 
25 service in response to at least one message for 
establishing a connection. 

According to yet another aspect, an authentication 
server comprises means for receiving a Network Access 
Identifier (NAI) including a service selection indicator, 
30 means for extracting said service selection indicator 
from said NAI, and means for initiating a connection 
between a WLAN terminal and a service indicated by said 
service selection indicator. 

According to a further aspect, a method in an 
3 5 authentication server comprises receiving a Network 
Access Identifier (NAI) including a service selection 
indicator, extracting said service selection indicator 



from said NAI , and initiating a connection between a WLAN 
terminal and a service indicated by said service 
selection indicator. 

In the context of the invention the NAI is an 
5 identifier comprising the identity identifying the WLAN 
terminal and/or an identity identifying the user. Further 
the NAI comprises an identity identifying an 
authentication server that are to be used for 
establishing a connection. 

10 B y including said service selection indicator in a 

NAI it becomes possible to select a service from the WLAN 
terminal. Thus, the user becomes free to make a selection 
of service, if the user or WLAN terminal is entitled to 
do so. Further, a NAI is used in common WLAN protocols in 

15 order to enable roaming and by including the selection 
indicator in the NAI the selection indicator may be sent 
via the WLAN using existing protocols for such 
communication. Thus, the service providers are able to 
provide service selection capability in existing or 

20 future WLAN systems without to much extra effort. 
In one embodiment the NAI is of the form 
<user>@<realm>. In such NAI the service selection 
indicator may be included in the <realm> portion of the 
NAI. 

25 In another embodiment an Authentication 

Authorization Accounting (AAA) protocol is used for the 
communication to the WLAN terminal. The use of an AAA 
protocol in combination with the service selection 
indicator may facilitate provision of billable services. 

30 Thus, possibly making service providers more eager to 
provide a plurality of services resulting in a greater 
freedom for users to select services. 

In yet another embodiment tunnel attributes relating 
to an indicated service may be provided to the WLAN 

35 terminal. This makes it possible provide the user with 
any type of service that can be tunneled. 



In a further embodiment Virtual Local Area Network 
(VLAN) attributes relating to an indicated service may be 
provided to the WLAN terminal. This makes it possible to 
connect the user to a user selected VLAN. 

In one embodiment the user identity, the service 
selection indicator, and a billable feature is logged in 
facilitate administration of billing of services utilized 
by the user having said user identity. 

A further scope of applicability of the present 
invention will become apparent from the detailed 
description given below. However, it should be understood 
that the detailed description and specific examples, 
while indicating preferred embodiments of the invention, 
are given by way of illustration only, since various 
changes and modifications within the spirit and scope of 
the invention will become apparent to those skilled in 
the art from this detailed description. 

Brief Description of the Drawings 

Other features and advantages of the present inven- 
tion will become apparent from the following detailed 
description of a presently preferred embodiment, with 
reference to the accompanying drawings, in which 

Fig. 1 is an schematic overview of one embodiment of 
an improved system, a improved WLAN terminal and an 
improved authentication server, 

Fig. 2 is a schematic block diagram of one 
embodiment of the WLAN terminal in Fig. 1, 

Fig. 3 is a flowchart of a service selection process 
in one embodiment of the WLAN terminal in Fig. 1, 

Fig. 4 is a schematic block diagram of one 
embodiment of the authentication server in Fig. l, 

Fig. 5 is a flowchart of a service selection process 
in one embodiment of the authentication server in Fig. l, 

Fig. 6 is a timing diagram of one embodiment of the 
system in Fig. 1 . 



Detailed Description of an Embodiment 

In Fig. l an schematic overview of a network system 
in which the invention may be used is shown. The system 
comprises a data network 10, a Wireless Local Area 
Network (WLAN) access point 12, an authentication server 
14 and a WLAN terminal 16. The network 10 may be a Local 
Area Network (LAN) , a Wide Area Network (WAN) , the 
Internet, a wireless network, a wired network, etc. The 
WLAN access point 12 enable network communication from 
the WLAN terminal 16, which is arranged to communicate 
using WLAN protocols. The WLAN terminal 16 may be any 
WLAN enabled terminal, for example, a lap top, a personal 
digital assistant (PDA), cellular telephone, etc. The 
WLAN may be any type of WLAN that enables the WLAN 
terminal 16 to provide its identity and/or the identity 
of the user to the network 10 and that enables the WLAN 
terminal 16 to provide the identity of an authentication 
server 14 that are to be used to the network 10. For 
example, a WLAN according to IEEE 802 standard, WPAN, 
Bluetooth, Home RF, or HIPERLAN. In the context of the 
invention an identifier providing the above mentioned 
identities is called a Network Access Identifier (NAI) . 

The authentication server 14 is a system for 
authorizing access to a service and is provided by a 
service provider. The authentication server 14 includes a 
network connection means 28, means 30 for authenticating 
a WLAN terminal, means 32 for extracting a service 
selection indicator from a received NAI, and means 34 for 
providing connection attributes corresponding to a 
selected service. In one embodiment the authentication 
server 14 may be an Authentication Authorization 
Accounting Server. 

A service provider is a company, an organization or 
a department that provides access to one or a plurality 
of network environments, for example, a local network 10, 
a private network 18, the Internet 10, a specific 
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network 20 provided by the service provider, virtual 
local area networks (VLAN) 22 , etc. 

The WLAN terminal 16 comprises means 24 for adding a 
service selection indicator to a NAI and a WLAN 
5 transceiving means 26 for sending data packets to and 
receiving data packets from a WLAN access point 12. 

In Fig. 2 there is shown a schematic view of an 
embodiment of a WLAN terminal 200. The WLAN terminal 
comprises WLAN transceiving means 202. The transceiving 

10 means 202 comprises a protocol stack including protocols 
for handling the communication, the stack may include 
parallel protocols for communications according to 
different communication standards or communication 
methods. At least one protocol at the data link layer, 

15 according to the Open System Interconnection (OSI) 

reference model, ISO 7498, is arranged to include a NAI 
in a data packet for transmission to the WLAN access 
point . 

According to one embodiment, the WLAN terminal 
20 comprises input means 204 and service selector means 206. 
The service selector means 206 is arranged to receive an 
input from the input means 204 and include a service 
selection indicator in the NAI. The input received from 
the input means 204 may, for example, be the complete 
25 service selection indicator that is to be included in the 
NAI or it may be a reference to a service selection 
indicator stored in the WLAN terminal 200. In the latter 
case the service selector means 206 retrieves the 
complete service selection indicator and includes it in 
30 the NAI. The input means 204 may, for example, be a 
keyboard, a scanner, a pressure sensitive surface, a 
microphone combined with voice recognition, a pointing 
device etc. 

In one embodiment the WLAN terminal 200 comprises 
35 display means 208. In such embodiment the service 

selector means 206 may be arranged to present a list of 
services to select from. 
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In an embodiment, in which the WLAN operates 
according to IEEE 802, the NAI may look like 
<username>@<realm>. The <username> is the identity of the 
user and/or the WLAN terminal and the <realm> is the 
5 identity of the authentication server that is to handle 
the service request from the terminal. Such NAI may, for 
example, look like name@serviceprovider.com. The service 
selection indicator may be inserted anywhere in the NAI. 
In one embodiment the service selection indicator is 
10 inserted between the "@" and the <realm>, i.e. 

<username>@< service selection indicator ><realm>, but the 
service selection indicator may be inserted anywhere in 
the NAI. 

In Fig. 3 there is shown a flowchart of the service 

15 selection process in one embodiment of a WLAN terminal . . 
The WLAN terminal starts with presenting a list of 
services on the display device, step 300. Then a user of 
the WLAN terminal is able to make a selection from said ; 
list of services, step 302. The user may do the selection 

20 by inputting a reference number referring to the desired 
service in the list, by pointing and clicking at the 
desired service, by speaking a reference to a selection 
into a microphone, etc. From the selection made by the 
user a reference to the selected service is generated and 

25 by means of this reference the WLAN terminal retrieves 
and sets a service selection indicator, step 304. Then 
the WLAN terminal insert the service selection indicator 
into the NAI, step 306. When the service selection 
indicator is inserted in the NAI the WLAN terminal sends 

30 the service request, included in the NAI, over the WLAN, 
step 308. 

Now referring to Fig. 4 and Fig. 5. In Fig. 4 one 
embodiment of the authentication server 400 is 
schematically shown and in Fig. 5 an flowchart over the 
35 service selection process in one embodiment of the 

authentication server 400 is shown. The authentication 
server 400 includes a network connection means 402 for 
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communication over the network 403 that it is connected 
to. The network 403 may, for example, be a Local Area 
Network (LAN) , a Wide Area Network (WAN), the Internet, a 
wireless network, a wired network, etc. Via the network 
5 connection 402 the authentication server 400 receives a 
data packet carrying a NAI including a service selection 
indicator, step 502. The NAI is passed to an 
authentication processing means 404, step 504. The 
authentication processing means 404 comprises means 406 

10 for extracting a service selection indicator from a NAI. 
The means 406 for extracting a service selection 
indicator extracts the service indicator from the NAI, 
step 506. Then the authentication processing means 404 
access a database 4 08 including information regarding who 

15 or which devices and/or users that are authorized to 

connect to specific services, step 508. The database 408 
may be provided within the authentication server or as 
one or a plurality of external databases connected 
directly to the authentication server or via the network 

20 connection. Thus, the authentication server 404 utilizes 
the identity included in the NAI and the service 
selection indicator to determine whether the sender of 
the NAI is authorized to connect to the service that the 
service selection indicator points out or not, step 509. 

25 If the sender is not authorized to connect to the 

service, then a message indicating that the authorization 
for the requested service has failed is sent to the 
requesting WLAN terminal, step 510. However, if the 
sender is authorized to connect to the service, then the 

30 authentication server initiate the connection of the WLAN 
terminal to the service, step 512, for example, by 
sending to the WLAN terminal the attributes necessary for 
setting up the connection. 

In Fig. 6 there is shown an example timing diagram 

35 of one embodiment. In the timing diagram the Extensible 
Authentication Protocol (EAP) and the access control 
protocol called "Remote Authentication Dial -In User 
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Service" (RADIUS) is used, however, any protocol 
resulting in corresponding functionality may be used, 
e.g. Diameter, which is a protocol developed from the 
RADIUS protocol, or any future Authentication 
5 Authorization Accounting protocol (AAA-protocol) . The 
WLAN access point starts with requesting the identity of 
the user/WLAN terminal. For this purpose the access point 
sends an EAP- Request /Identity packet, 602, to the WLAN 
terminal . The WLAN terminal responds with an EAP- 

10 Response/ Identity packet 604, which includes the NAI 

including the service selector indicator. The WLAN access 
point then sends a RADIUS Access-Request packet 606, 
which includes the NAI including the service selector 
indicator, to the authentication server. When the 

15 authentication server has received the RADIUS Access- 
Request packet 606 it checks whether the terminal and/or 
the user is authorized to connect to the requested 
service or not. If the user/terminal is not authorized, 
then the authentication server refuses the connection 

20 attempt. 

However if the user/terminal is authorized, then the 
authentication server sends a RADIUS Access-Challenge 
packet 608, including an EAP-request, to the WLAN Access 
point. When the RADIUS Challenge -Challenge packet 608 is 

25 received at the WLAN Access point, the WLAN Access point 
sends an EAP-request packet 610, including the above 
mentioned EAP-request, to the WLAN terminal. The WLAN 
terminal responds to this packet 610 by sending an EAP- 
response packet 612 to the WLAN access point, which then 

30 sends a RADIUS Access-Request packet 614, including the 
EAP-response, to the authentication server. The procedure 
of sending packets 608, 610, 612, and 614 may be repeated 
N number of times. The value of N varies depending on the 
authentication method used. 

35 The authentication is completed either as a failure, 

if the WLAN terminal and/or user failed the 
authentication process, or as a success, if the WLAN 
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terminal was successfully authenticated. If the 
authentication is a failure the authentication server 
sends a failure packet to the WLAN terminal via the WLAN 
access point. However, if the authentication is a success 
the authentication server retrieves the network 
attributes needed for providing a connection in 
accordance with the service that was requested by means 
of the service selector indicator. For example, the 
network attributes may be tunnel attributes for a Virtual 
LAN identifier, which directs the data packets of the 
WLAN terminal to a specific Virtual LAN. Then the 
authentication server sends a RADIUS Access-Accept 
packet 616, including the network attributes for the 
requested service, to the WLAN access point. The WLAN 
access point then provides the WLAN terminal with an EAP- 
Success packet 618, and now the WLAN terminal has access 
to the requested service. 

By making services selectable for a user and by 
utilizing an AAA-protocol, e.g. RADIUS, a service 
provider may easily create, provide and log billable 
services and a user may get access to an increasing 
number of services. For example, it is possible to 
generate a log of every user and the services the user 
has utilized. An indicator of the selected service and 
the identity of the user is sent to the access server by 
means of the NAI and is thus easily registered in the 
log. Further, the identity of the user/terminal may be 
confirmed by means of an authentication process, such 
process may utilize a signaling scheme generating packets 
corresponding to the packets 608, 610, 612, 614 in 
Fig. 6. Additional, a billable feature is measured and 
registered in the log, such billable feature may be a 
time interval during which the service has been used, an 
amount of data transferred to, from or both to and from 
the WLAN terminal, the number of times the service has 
been used, etc. The log may then be used by the service 
provider for billing the user. 
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In one embodiment the functionality of the WLAN 
terminal and the authentication server may be implemented 
by means of software code that are arranged to be run in 
the WLAN terminal and the authentication server, 
respectively. 
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CLAIMS 

1 . Method for service selection in a data network 
5 comprising at least one Wireless Local Area Network 
(WLAN) access point, said method comprising: 

sending, from a WLAN terminal, a network access 
identifier (NAI) including a service selection indicator 
via the WLAN access point, 
10 receiving, at an authentication server, the network 

access identifier including a service selection 
indicator, 

providing the WLAN terminal with a connection to the 
service that is indicated by said selection indicator. 
15 2. Method according to claim 1, wherein the NAI is 

of the form <user>@<realm> and the service selection 
indicator is included in the <realm> portion of the NAI. 

3. Method according to any one of claim 1 or 2, 
wherein communication to and from said WLAN terminal 

20 utilizes an Authentication Authorization Accounting (AAA) 
protocol . 

4. Method according to any one of claims 1-3, 
wherein said providing the WLAN terminal with a 
connection includes transferring tunnel attributes to 

25 said WLAN terminal. 

5. Method according to any one of claims 1-4, 
wherein said providing the WLAN terminal with a 
connection includes transferring Virtual Local Area 
Network attributes t,o said WLAN terminal. 

30 6. A system for selecting services in a network, the 

system comprising: 

at least one Wireless Local Area Network (WLAN) 
access point, 

at least one WLAN terminal comprising means for 
35 including a service selection indicator in a Network 
Access Identifier (NAI) and means for sending said NAI 
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including said service selection indicator via the WLAN 
access point, 

at least one authentication server comprising means 
for receiving a NAI including said service selection 
5 indicator, means for extracting said service selection 
indicator from said NAI and means for initiating a 
connection to a service indicated by said service 
selection indicator. 

7. A system according to claim 6, wherein said means 
10 for initiating a connection is arranged to send tunnel 

attributes relating to said connection. 

8. A system according to any one of claims 6-7, 
wherein said means for initiating a connection is 
arranged to send Virtual Local Area Network (VLAN) 

15 attributes relating to said connection. 

9. A method in a terminal for selecting services, 
said method comprising: 

setting a service selection indicator, 
including said service selection indicator in a 
20 Network Access Identifier (NAI) , 

sending said NAI including said service selection 
indicator over a Wireless Local Area Network (WLAN) , 

receiving at least one message for establishing a 
connection to the indicated service. 
25 10. Method according to claim 9, further comprising 

receiving an input from the user indicating a selected 
service . 

11. Method according to any one of claims 9-10, 
further comprising presenting selectable services for a 

30 user. 

12. Method according to any one of claims 9-11, 
wherein the NAI is of the form <user>@<realm> and the 
service selection indicator is included in the <realm> 
portion of the NAI. 

35 13. Method according to any one of claims 9-12, 

wherein said receiving at least one message establishing 
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a connection further comprises receiving tunnel 
attributes for use in establishing the connection. 

14. Method according to any one of claims 9-13, 
wherein said receiving at least one message establishing 

5 a connection further comprises receiving Virtual Local 
Area Network (VLAN) attributes for use in establishing 
the connection. 

15. A computer program directly loadable into the 
internal memory of a terminal, the computer program 

10 comprising software code portions for performing the 
method of any one of claims 9-14. 

16. A terminal that is enabled for communication via 
a Wireless Local Area Network (WLAN) , said terminal 
comprising: 

15 means for setting a service selection indicator, 

means for including said service selection indicator 
in a Network Access Identifier (NAI) , 

means for sending said NAI including said service 
selection indicator, 
20 means for establishing a connection to a indicated 

service in response to at least one message for 
establishing a connection. 

17. Terminal according to claim 16, further 
comprising input means for input of an indicator of a 

25 selected service. 

18. Terminal according to any one of claims 16-17, 
further comprising means for presenting selectable 
services for a user. 

19. Terminal according to any one of claims 16-18, 
30 wherein said means for establishing a connection is 

arranged to establish a connection based on received 
tunnel attributes. 

20. Terminal according to any one of claims 16-19, 
wherein said means for establishing a connection is 

35 arranged to establish a connection based on received 
Virtual Local Area Network (VLAN) attributes. 
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21. An authentication server comprising: 
means for receiving a Network Access Identifier 

(NAI) including a service selection indicator, 
means for extracting said service selection 

indicator from said NAI, and 

means for initiating a connection between a WLAN 

terminal and a service indicated by said service 

selection indicator. 

22. Authentication server according to claim 21, 
further comprising means for retrieving attributes for 
setting up a connection to the service indicated by said 
service selection indicator. 

23. Authentication server according to any one of 
claims 21-22, wherein the authentication server is a 
authentication authorization accounting server. 

24. Authentication server according to any one of 
claims 21-23, further comprising a log including at least 
one record, which includes a user identity, a service 
selection indicator, and a value representing a billable 
feature. 

25. A method in an authentication server comprising: 
receiving a Network Access Identifier (NAI) 

including a service selection indicator, 

extracting said service selection indicator from 
said NAI, and 

initiating a connection between a WLAN terminal and 
a service indicated by said service selection indicator. 

26. Method according to claim 25, wherein said 
initiating a connection comprises sending connection 
attributes related to the service that is indicated by 
said service selection indicator. 

27. Method according to any one of claims 25-26, 
further comprising controlling if a user identified in 
the NAI is authorized to access the service indicated in 
the NAI. 
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28. Method according to any one of claims 25-27, 
further comprising logging a billable feature for an 
identified user utilizing an indicated service. 
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